RequestHeader unset Expect early
RequestHeader set X-Forwarded-Scheme https early
RequestHeader set X-Forwarded-Proto https early

# Cannot redirect to HTTPS for *.id.fedoraproject.org or set 
# "includeSubdomains", because relying parties need to be able to access 
# username.id.fedoraproject.org via plain HTTP 

RewriteEngine on

RewriteMap lowercase int:tolower

{% if env == "staging" %}
RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.id\.stg\.fedoraproject\.org$
{% else %}
RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.id\.fedoraproject\.org$
{% endif %}

RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]

{% if env == "staging" %}
RewriteRule ^([a-z0-9-]+)\.id\.stg\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/ [P,L]
{% else %}
RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/ [P]
{% endif %}
